Datazag

Infrastructure Intelligence

The data behind Datazag.

Domains, DNS, infrastructure, certificates, relationships and risk delivered as reports, APIs and cloud-native data shares. Built for technical teams that want to evaluate the data quickly and move from sample to production without heavy integration work.

Explore the dataStart evaluating

Coverage

Built at internet scale. Refreshed continuously.

Live catalogue metadata from Datazag's production snapshots. Updated 16:13 UTC.

490M

Domains monitored

10.5M

IPs linked to domains

79k

Networks profiled

Live

Certificate monitoring

Hourly

Priority refresh

00:00 UTC

Latest snapshot

What do you collect?

Scan the categories. Recognise the fields you need.

The public page does not expose the full 100+ field schema. It shows enough for a technical buyer to decide whether the data is worth testing.

Domains

340M+ monitored
DomainRoot domainTLDAgeRegistrarRiskFirst seenHistory

DNS & email

Hourly refresh
A / AAAAMXNSTXTSPFDMARCBIMIMTA-STSTLS-RPTMailbox provider

Infrastructure

10M+ domain-linked IPs
IPASNASN nameCountryPrefixCloudHostingCDNDNS provider

Certificates

Live monitoring
IssuerSANsFingerprintValidityNew issuanceReusePlatform hints

Relationships

Graph built continuously
Shared IPsShared certsShared DNSRelated domainsCampaign surfaceEvidence paths

History

Iceberg / Delta time travel
SnapshotsDeltasFirst seenLast seenDNS changesProvider changesRisk trends

How is it built?

We do the enrichment before you receive the data.

Datazag is not a repackaged threat feed. We continuously observe internet infrastructure, expand what we find, build relationships, compare history and generate evidence-backed intelligence.

External reputation and abuse signals are used only as supporting validation where appropriate. They are not the primary source of detection and are not exposed as feed-membership flags in datasets.

1

Internet observations

We observe domains, DNS, certificates, routing and platform signals as the internet changes.

2

Infrastructure expansion

A single domain is expanded into its IPs, providers, certificates, routing context and surrounding infrastructure.

3

Platform identification

We classify cloud, hosting, CDN, DNS, email and SaaS platforms using infrastructure evidence.

4

Relationship analysis

Shared infrastructure exposes clusters, campaigns and connected assets that isolated indicators miss.

5

Historical comparison

Snapshots and deltas show what changed, when it changed and whether the pattern is unusual.

6

Evidence generation

Scores are supported by reason codes, confidence and observable evidence rather than opaque labels.

Ready-made datasets

Start with a dataset that matches your workflow.

You can consume broad Infrastructure Intelligence, but most teams start with a curated view that exposes the fields they need and keeps SQL simple.

Mail Hygiene

Email validation, customer onboarding, CRM and marketing data cleaning.

Mailbox providerDisposableParkedSPFDMARCBIMIMTA-STSDomain risk

Infrastructure Labels

SIEM enrichment, NetFlow, asset inventory, labelling and analytics.

ASNASN organisationCountryCloud providerHosting providerCDNDNS provider

New Domain Feed

Threat hunting, brand protection, fraud monitoring and early detection.

First seenDNSCertificateProviderPlatformRiskRelationships

Campaign Discovery

SOC investigation, CTI, incident response and evidence packs.

Related domainsShared IPsShared certificatesConcentrationCampaign surfaceEvidence paths

Portfolio Intelligence

Enterprise security, M&A, cyber insurance, supplier and client estate review.

DNS postureEmail postureInfrastructure exposurePlatform inventoryHistorical changesRisk trends

Need something more specific?

We can publish curated data views that combine multiple intelligence products into one table tailored to your workflow. This is a paid option for teams that want fewer columns, simpler SQL and only the data they need.

Ready to JOIN

Turn one log value into context, evidence and action.

Other vendors hand you raw attributes and leave interpretation to your team. Datazag returns infrastructure context, provider labels, relationships, risk and reason codes in one join.

SELECT
  logs.domain,
  dz.risk_score,
  dz.hosting_provider,
  dz.mailbox_provider,
  dz.primary_asn,
  dz.related_domain_count,
  dz.reason_codes
FROM dns_logs logs
LEFT JOIN datazag.infrastructure_intelligence dz
  ON logs.domain = dz.domain
WHERE dz.risk_score >= 80;

Pre-enriched

DNS, certificates, provider, network and history are already joined.

Ready to JOIN

Designed for SQL, SIEM enrichment, analytics and ML workflows.

Relationship-aware

Find the campaign, not just the domain.

Explainable

Risk comes with reasons, evidence and confidence.

Historical

See how infrastructure changed over time.

Cloud native

Iceberg and Delta shares support time travel and incremental processing.

Access

Choose how you want to consume the data.

Start with a report or API sample, then move to alerts or full cloud data shares when you are ready to operationalise.

We analyse it for you

Reports

Executive and technical reports for domains, portfolios, suppliers and client estates.

Start with a report

We notify you

Alerts

Platform, keyword and brand impersonation alerts delivered through portal, webhook or workflow integrations.

View alert products

You enrich in real time

API

Cached lookups, live refresh and build-on-demand enrichment for products, fraud systems and SIEM pipelines.

See API pricing

You analyse everything

Cloud Data Shares

Native Iceberg and Delta datasets with flat-rate access, time travel, incremental updates and SQL-ready joins.

View data shares

Supported delivery

IcebergDeltaSnowflakeDatabricksAzureAWSGoogle CloudJSON API

Sources and cadence

Transparent enough to evaluate. Simple enough to scan.

Infrastructure Intelligence is built from observation, expansion and analysis. Supporting reputation signals are used for validation, not as the core product.

Core observation layers

Active DNS resolutionDNS record expansionCertificate TransparencyInternet routingASN and prefix analysisRPKI validationPlatform fingerprintingCloud and hosting identificationHistorical observationsExternal reputation validation signals

Freshness model

Certificates: live
Priority infrastructure: hourly
Full internet: ~40 hours
Routing: every 2 hours
RPKI: every 8 hours
Snapshots: continuous

Evaluate

Try the data before you commit.

The goal is simple: let a technical buyer spend 15 minutes deciding whether Datazag is useful. Start with the route that fits your evaluation style.

Download sample schema

Inspect the fields and decide whether the data fits your workflow.

Start here

Request sample dataset

Try a small sample before committing to a full data share.

Start here

Browse API pricing

Use credits for real-time lookup, enrichment and live refresh.

Start here

View cloud data shares

Flat-rate datasets for analytics, hunting and modelling.

Start here